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DETAILED ACTION 

1. Claims 1-71 are pending. 

Information Disclosure Statement 

2. The Information Disclosure Statement respectfully submitted on 23 October 2003 
has been considered by the Examiner. 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

4. Claims 28-34 and 43 are rejected under 35 U.S.C. 101 because the claimed 
invention is directed to non-statutory subject matter. The claims lack the, necessary 
physical articles or objects to constitute a machine or a manufacture within the meaning 
of § 101 . They are clearly not a series of steps or acts to be a process nor are they a 
combination of chemical compounds to be a composition of matter. As such, they fail to 
fall within a statutory category. They are, at best, functional descriptive material perse. 
Data structures claimed as embodied in computer-readable media are descriptive 
material perse and are not statutory because they are not capable of causing functional 
change in the computer. Such claimed data structures do not define any structural and 
functional interrelationships between the data structure and other claimed aspects of the 
invention which permit the data structure's functionality to be realized. Furthermore, 
within the Specification, computer-readable media is defined as having tangible and 
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non-tangible embodiments. On pages 7-8, computer-readable media comprising (i.e. 
CD-ROM or magnetic disk) is considered storage media and is tangible, computer- 
readable media comprising (i.e. data structures or program code) is considered 
transmission media and is not tangible. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

6. Claims 1-27, 35-42, and 44-71 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Spies et al. (Pub No. 2003/0138353). 

Referring to the rejection of claims 1 and 23, Spies et al. discloses in a network 
environment that includes a plurality of computing systems capable of communicating 
using electronic messaging, a method for a source computing system constructing an 
electronic message, the method comprising the following: 

an act of designating at least one destination address in the electronic message, 
the destination address corresponding to one or more recipient computing devices; 
(See page 7, Section 0084) 
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an act of including a first security token in a header portion of the electronic 
message, the first security token being at least derived from a first credential of a first 
credential type; (See page 3, Section 0042) 

and an act of including a second security token in the header portion of the 
electronic message, the second security token being at least derived from a second 
credential of a second credential type (See page 14, Section 0157) 

Referring to the rejection of claim 2, Spies et al. discloses the claimed limitation 
wherein the first security token is biometric data (See page 3, Section 0042) 

Referring to the rejection of claim 3, Spies et al. discloses the claimed limitation 
wherein an act of including an encryption manifest in the header portion to thereby 
designate portions of a body portion of the electronic message that are encrypted (See 
page 9, Sections 0099-0101) 

Referring to the rejection of claim 4, Spies et al. discloses the claimed limitation 
wherein an act of transmitting the electronic message with the first security token and 
the second security token in the header portion to the one or more recipient computing 
devices (See page 3, Section 0043) 

Referring to the rejection of claim 5, Spies et al. discloses the claimed limitation 
wherein the first security token is the first credential (See page 6, Section 0069) 

Referring to the rejection of claim 6, Spies et al. discloses the claimed limitation 
wherein the first security token is a first signature that was generated using the first 
credential (See page 3, Section 0042) 
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Referring to the rejection of claim 7, Spies et al. discloses the claimed limitation 
wherein an act of including the first credential in the electronic message (See page 6, 
Section 0069) 

Referring to the rejection of claim 8, Spies et al. discloses the claimed limitation 
wherein the second security token is the second credential (See page 6, section 0070) 

Referring to the rejection of claim 9, Spies et al. discloses the claimed limitation 
wherein the second security token is a second signature that was generated using the 
second credential (See page 3, Section 0042) 

Referring to the rejection of claim 10, Spies et al. discloses the claimed limitation 
wherein an act of including the second credential in the electronic message (See page 
7, Section 0078) 

Referring to the rejection of claim 1 1 , Spies et al. discloses the claimed limitation 
wherein the at least one destination address corresponds to at least a first and a second 
recipient computing system, the first computing system using the first credential to 
identify the source computing system, and the second computing system using the 
second credential to identify the source computing system (See page 13, Section 0143) 

Referring to the rejection of claims 12 and 25, Spies et al. discloses the claimed 
limitation wherein an act of determining that the first recipient computing system uses 
the first credential to identify the source computing system; (See page 6, Section 0069) 

and an act of determining that the second recipient computing system uses the 
second credential to identify the source computing system (See page 6, section 0070) 
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Referring to the rejection of claim 13, Spies et al. discloses the claimed limitation 
wherein the at least one destination address corresponds to at least a first recipient 
computing system that uses both of the first credential and the second credential to 
identify the source computing system (See page 13, Section 0143) 

Referring to the rejection of claims 14 and 26, Spies et al. discloses the claimed 
limitation wherein an act of determining that the first recipient computing system uses 
both of the first credential and the second credential to identify the source computing 
system (See page 14, Section 0166) 

Referring to the rejection of claim 15, Spies et al. discloses the claimed limitation 
wherein the at least one destination address corresponds to at least a first recipient 
computing system that uses the first credential and the second credential to identify the 
source computing system, the electronic message also traversing through an 
intermediary computing system that uses the second credential to identify the source 
computing system (See page 6, Section 0070) 

Referring to the rejection of claims 16 and 27, Spies et al. discloses the claimed 
limitation wherein an act of determining that the first recipient computing system uses 
the first credential to identify the source computing system; (See page 6, Section 0069) 

and an act of determining that the intermediary computing system uses the 
second credential to identify the source computing system (See page 6, Section 0070) 

Referring to the rejection of claim 17, Spies et al. discloses the claimed limitation 
wherein an act of designating an intermediary address that corresponds to the 
intermediary computing device (See page 6, Section 0075) 
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Referring to the rejection of claim 18, Spies et al. discloses the claimed limitation 
wherein an act of encoding the first security token; 

an act of including, in the header portion, an identification of an encoding format 
of the first security token; (See page 3, Section 0042) 

and an act of including, in the header portion, an identification of a type of the 
security token (See page 10, Section 0116) 

Referring to the rejection of claim 19, Spies et al. discloses the claimed limitation 
wherein the security token comprises a credential (See page 12, Section 0135) 

Referring to the rejection of claim 20, Spies et al. discloses the claimed limitation 
wherein the first security token is a signature generated by a user, the method further 
comprising: 

an act of generating a reference indicating where a credential associated with the 
user may be found; (See page 12, Section 0135) 

an act of including the reference in the header portion of the electronic message 
(See page 12, Section 0136) 

Referring to the rejection of claim 21, Spies et al. discloses the claimed limitation 
wherein the electronic message is a Simple Object Access Protocol (SOAP) envelope in 
which the header portion is the header portion of the SOAP envelope (See page 1 1 , 
Section 0122) 

Referring to the rejection of claim 22, Spies et al. discloses the claimed limitation 
wherein the electronic message is a HyperText Transport Protocol (HTTP) message, 
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and wherein the header portion is a header portion of the HTTP message (See page 11, 
Section 0123) 

Referring to the rejection of claim 24, Spies et al. discloses the claimed limitation 
wherein the one or more computer-readable media are physical storage media (See 
page 6, Section 0071) 

Referring to the rejection of claims 35 and 37, Spies et al. discloses a computer 
program product for use in a network environment that includes a plurality of computing 
systems capable of communicating using electronic messaging, a method for identifying 
a source computing system of an electronic message, the computer program product 
comprising one or more computer-readable media having stored thereon the following: 

computer-executable instructions for detecting the receipt of an electronic 
message; (See 3, Section 0041) 

computer-executable instructions for selecting one of a plurality of credentials 
included in a header portion of the electronic message; (See 3, Section 0042) 

and computer-executable instructions for identifying the source computer system 
using the selected credential (See 3, Section 0042) 

Referring to the rejection of claims 36 and 38, Spies et al. discloses the claimed 
limitation wherein the one or more computer-readable media are physical storage media 
(See page 6, Section 0071) 

Referring to the rejection of claim 39, Spies et al. discloses the claimed limitation 
wherein the computer-executable instructions for determining how to handle the 
credential and the electronic message comprise the following: 
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computer-executable instructions for consulting handling rules of at least one 
ancestral credential in the logical hierarchical tree; (See page 6, Section 0075) 

computer-executable instructions for consulting extended handling rules specific 
to the credential included in the electronic message; (See page 6, Section 0075) 

and computer-executable instruction for determining handling rules for the 
credential included in the electronic message by using the handling rules for the at least 
one ancestral credential as well as the extended handling rules specific to the credential 
included in the electronic message (See page 11 , Section 0120) 

Referring to the rejection of claim 40, Spies et al. discloses the claimed limitation 
wherein the credential includes biometric data (See page 3, Section 0042) 

Referring to the rejection of claim 41 , Spies et al. discloses the claimed limitation 
wherein the electronic message is a Simple Object Access Protocol (SOAP) envelope in 
which the header portion is the header portion of the SOAP envelope (See page 1 1 , 
Section 0122) 

Referring to the rejection of claim 42, Spies et al. discloses the claimed limitation 
wherein the electronic message is a HyperText Transport Protocol (HTTP) message, 
and wherein the header portion is a header portion of the HTTP message (See page 11, 
Section 0123) 

Referring to the rejection of claims 44 and 56, Spies et al. discloses in a network 
environment that includes a plurality of computing systems capable of communicating 
using electronic messaging, a method for a source computing system constructing an 
electronic message, the method comprising the following: 
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an act of encoding a credential that identifies the source computing device; (See 
page 2, Section 0042) 

an act of including the credential in a header portion of an electronic message; 
(See page 2, Section 0042) 

and an act of including, in the header portion, information indicative of a type of 
the credential (See page 2, Section 0042) 

Referring to the rejection of claim 45, Spies et al. discloses the claimed limitation 
wherein the information indicative of a type of the credential comprises a human- 
readable expression of the type of the credential (See page 3, Section 0041) 

Referring to the rejection of claim 46, Spies et al. discloses the claimed limitation 
wherein the information indicative of a type of the credential comprises information that 
is not a human-readable expression of the type of the credential, but nonetheless is 
information from which the type of credential may be derived (See 3, Section 0041) 

Referring to the rejection of claim 47, Spies et al. discloses the claimed limitation 
wherein an act of including in the header portion, an identification of an encoding format 
of the credential (See page 3, Section 0043) 

Referring to the rejection of claim 48, Spies et al. discloses the claimed limitation 
wherein an identification of an encoding format of the credential is not included in the 
header portion thereby indicating that a default encoding format has been applied (See 
page 2, Section 0042) 

Referring to the rejection of claim 49, Spies et al. discloses the claimed limitation 
an act of including an encryption manifest in the header portion to thereby designate 
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portions of a body portion of the electronic message that are encrypted (See page 9, 
Sections 0099-0101) 

Referring to the rejection of claim 50, Spies et al. discloses the claimed limitation 
wherein the credential includes biometric data (See page 3, Section 0042) 

Referring to the rejection of claim 51, Spies et al. discloses the claimed limitation 
wherein the electronic message is a Simple Object Access Protocol (SOAP) envelope, 
and wherein the header portion is a header portion of the SOAP envelope (See page 
11, Section 0122) 

Referring to the rejection of claim 52, Spies et al. discloses the claimed limitation 
wherein the electronic message is a HyperText Transport Protocol (HTTP) message, 
and wherein the header portion is a header portion of the HTTP message (See page 1 1 , 
Section 0123) 

Referring to the rejection of claim 53, Spies et al. discloses the claimed limitation 
wherein the credential is a license (See page 3, Section 0042) 

Referring to the rejection of claim 54, Spies et al. discloses the claimed limitation 
wherein the credential is in a binary format, wherein the act of including, in the header 
portion, an identification of a type of the credential comprises an act of including, in the 
header portion, an indication that the credential has the binary format (See page 3, 
Section 0042) 

Referring to the rejection of claim 55, Spies et al. discloses the claimed limitation 
wherein the credential is in a binary format, wherein the act of including, in the header 
portion, an identification of a type of the credential comprises an act of including, in the 
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header portion, an indication that the credential has the binary format (See page 3, 
Section 0042) 

Referring to the rejection of claim 57, Spies et al. discloses wherein the one or 
more computer-readable media are physical storage media (See page 6, Section 0071) 

Referring to the rejection of claim 58, Spies et al. discloses in a network 
environment that includes a plurality of computing systems capable of communicating 
using electronic messaging, a method for a source computing system constructing an 
electronic message, the method comprising the following: 

an act of including an electronic signature in a header portion of an electronic 
message, the electronic signature generated by a user; (See page 2, Section 0042) 

an act of generating a reference indicating where a credential associated with the 
electronic signature may be found; (See page 2, Section 0042) 

an act of including the reference in the header portion of the electronic message 
(See page 2, Section 0042) 

Referring to the rejection of claim 59, Spies et al. discloses wherein an act of 
including an encryption manifest in the header portion to thereby designate portions of a 
body portion of the electronic message that are encrypted (See 

Referring to the rejection of claim 60, Spies et al. discloses wherein the reference 
indicates that the associated credential may be found at a location that is internal to the 
electronic message (See page 14, Section 0166) 
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Referring to the rejection of claim 61 , Spies et al. discloses wherein the reference 
indicates that the associated credential may be found at a location that is external to the 
electronic message (See page 13, Section 0142) 

Referring to the rejection of claim 62, Spies et al. discloses wherein the 
credential includes biometric data (See page 3, Section 0042) 

Referring to the rejection of claim 63, Spies et al discloses wherein the electronic 
message is a Simple Object Access Protocol (SOAP) envelope, and wherein the header 
portion is a header portion of the SOAP envelope (See page 11, Section 0122) 

Referring to the rejection of claim 64, Spies et al. discloses wherein the electronic 
message is a HyperText Transport Protocol (HTTP) message, and wherein the header 
portion is a header portion of the HTTP message (See page 11, Section 0123) 

Referring to the rejection of claims 65 and 68, Spies et al. discloses in a network 
environment that includes a plurality of computing systems capable of communicating 
using electronic messaging, a method for a recipient computing system to verify the 
identity of a sender of an electronic message, the method comprising the following: 

an act of receiving the electronic message; (See page 2, Section 0042) 

an act of reading an electronic signature from a header portion of the electronic 
message, the electronic signature generated by a user; (See page 2, Section 0042) 

an act of reading a reference from the header portion, the reference indicating 
where a credential associated with the user may be found; (See page 2, Section 0042) 

an act of using the reference to find the credential; and an act of determining if 
the credential corresponds with the electronic signature (See page 2, Section 0042) 
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Referring to the rejection of claim 66, Spies et al. discloses wherein the reference 
indicates that the associated credential may be found at a location that is internal to the 
electronic message (See page 14, Section 0166) 

Referring to the rejection of claim 67, Spies et al. wherein the reference indicates 
that the associated credential may be found at a location that is external to the 
electronic message (See page 13, Section 0142) 

Referring to the rejection of claim 69, Spies et al. wherein the one or more 
computer-readable media are physical storage media (See page 6, Section 0071) 

Referring to the rejection of claim 70, Spies et al. in a network environment that 
includes a plurality of computing systems capable of communicating using electronic 
messaging, a method for a source computing system constructing a Simple Object 
Access Protocol envelope, the method comprising the following: 

an act of designating at least one destination address in the SOAP envelope, the 
destination address corresponding to one or more recipient computing devices; (See 
page 11, Section 0122) 

and an act of including a first security token in a header portion of the SOAP 
envelope, the first security token being at least derived from a first credential of a first 
credential type (See page 1 1 , Section 0122) 

Referring to the rejection of claim 71 , Spies et al. wherein an act of including a 
second security token in the header portion of the SOAP envelope, the second security 
token being at least derived from a second credential of a second credential type (See 
page 11, Section 0122) 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Courtney D. Fields whose telephone number is 571- 
272-3871 . The examiner can normally be reached on Mon - Thurs. 6:00 - 4:00 pm; off 
every Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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